Commit

Upgrade grpc to 1.57.2 (thanos-io#7078)
1. In the replace of go.mod, due to weaveworks/common#239, the grpc version is 1.45.0, but there are vulnerabilities in this version. In order to fix CVE-2023-44478, the grpc version needs to be upgraded to 1.57.2.
2. In order to upgrade GRPC, the version of weaveworks/common also needs to be upgraded, otherwise the build will fail.

Signed-off-by: hanyuting8 <hytxidian@163.com>
hanyuting8 authored and MichaHoffmann committed Feb 11, 2024
1 parent 18d740f commit 4a9bc63
Showing 2 changed files with 855 additions and 21 deletions.
7 changes: 3 additions & 4 deletions go.mod
Expand Up @@ -33,7 +33,6 @@ require (
github.com/googleapis/gax-go v2.0.2+incompatible
github.com/gorilla/mux v1.8.0 // indirect
github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
github.com/grpc-ecosystem/go-grpc-middleware/providers/kit/v2 v2.0.0-20201002093600-73cf2ae9d891
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.2.0.20201207153454-9f6bf00c00a7
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
Expand Down Expand Up @@ -70,7 +69,7 @@ require (
github.com/uber/jaeger-client-go v2.30.0+incompatible
github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
github.com/vimeo/galaxycache v0.0.0-20210323154928-b7e5d71c067a
github.com/weaveworks/common v0.0.0-20221201103051-7c2720a9024d
github.com/weaveworks/common v0.0.0-20230728070032-dd9e68f319d5
go.elastic.co/apm v1.11.0
go.elastic.co/apm/module/apmot v1.11.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
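Review bot: the weaveworks/common bump in this hunk moves from one untagged pseudo-version (v0.0.0-20221201103051-7c2720a9024d) to another (v0.0.0-20230728070032-dd9e68f319d5), and nothing in the change says why that particular commit was chosen. Since the commit message states the bump is only there so the build works with the newer grpc, please note in the description (or in a comment next to the line) which upstream change in weaveworks/common makes it compatible, so a later reviewer can tell whether the pin may move forward freely or has to stay at this commit.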
Expand Down Expand Up @@ -136,6 +135,7 @@ require (
github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/onsi/ginkgo v1.16.5 // indirect
github.com/sercand/kuberesolver/v4 v4.0.0 // indirect
github.com/zhangyunhao116/umap v0.0.0-20221211160557-cb7705fafa39 // indirect
go.opentelemetry.io/collector/featuregate v1.0.0 // indirect
go.opentelemetry.io/collector/pdata v1.0.0 // indirect
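Review bot: the new indirect requirement github.com/sercand/kuberesolver/v4 v4.0.0 in this hunk replaces github.com/sercand/kuberesolver v2.4.0+incompatible, which is dropped at -232 further down, and that is a jump of two major versions on a gRPC name resolver that the commit message does not mention. Please confirm that this comes in purely through the weaveworks/common bump and say so in the description, and check that any client configuration relying on the resolver still connects as before, since a major-version change of an indirect dependency is easy to miss in a commit titled as a grpc upgrade.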
Expand Down Expand Up @@ -232,7 +232,6 @@ require (
github.com/rivo/uniseg v0.2.0 // indirect
github.com/rs/xid v1.5.0 // indirect
github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect
github.com/sercand/kuberesolver v2.4.0+incompatible // indirect
github.com/shirou/gopsutil/v3 v3.22.9 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spaolacci/murmur3 v1.1.0 // indirect
Expand Down Expand Up @@ -273,7 +272,7 @@ replace (
github.com/vimeo/galaxycache => github.com/thanos-community/galaxycache v0.0.0-20211122094458-3a32041a1f1e

// Override due to https://github.com/weaveworks/common/issues/239
google.golang.org/grpc => google.golang.org/grpc v1.45.0
google.golang.org/grpc => google.golang.org/grpc v1.57.2

// Overriding to use latest commit.
gopkg.in/alecthomas/kingpin.v2 => github.com/alecthomas/kingpin v1.3.8-0.20210301060133-17f40c25f497
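Review bot: the comment above the grpc replace still gives only "Override due to https://github.com/weaveworks/common/issues/239" as the reason, while the pinned version is now v1.57.2 and the commit message gives a CVE fix as the motive. A replace with a version on the right-hand side holds grpc at exactly that version for this module's build regardless of what the require graph asks for, so the next security release will again need a manual edit here. Please either drop the replace if the upgraded weaveworks/common no longer needs it, or update the comment to state why the override remains and that v1.57.2 is the minimum acceptable version for the vulnerability fix.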